Rethinking Disaster Prepardness to Leverage Resources in a Cloud and Mobile World: Presentation given at the 2012 Tennessee Higher Education Symposium (THEITS) - In many respects the disaster recovery plans of today are based upon the environments of old where commodity hardware, cloud resources and mobile devices didn’t exist. In November of 2011 the Tennessee Board of Regents office became the first public higher education organization to move its ERP system to the cloud by having it hosted at the state’s new data center. The following January, state auditors came on site to perform a routine biennial audit. The audit process included an information systems and disaster recovery component which led to a complete rethinking of disaster recovery in the new environment. This presentation chronicled the issues of moving mission critical systems to the cloud and how cloud resources from various sources coupled with mobile devices can be incorporated for cost effective disaster recovery planning.

1. Rethinking Disaster Prepardness
to Leverage Resources
in a Cloud and
Mobile World
Thomas Danford
Jon Calisi
Tennessee Board of Regents
Tennessee Higher Education IT Symposium – April 15, 2012

2. Agenda
Our Goal: Start a discussion on how we might
collectively rethink new DP/DR paradigms
 Auditors and CFOs
 The landscape and how it has changed
 Disaster prepardness challenges
 Our new ERP strategy
 Hosting (cloud) tangible benefits
 Disaster preparedness strategies &
considerations
 Discussion and Q&A
2

4. How the Landscape has Changed!
1986 2011
 Proprietary Hardware  Commodity Hardware
– Expensive & Big – Inexpensive & Small
– Long Lead & Handling – FedEx Overnight
 PCs in 16.6% of Homes  PCs in >82% of Homes
– Modems/RS-232 – Broadband (70%)
– Text Interface – GUI
– Low Computer Literacy – High Computer Literacy
 Brick/Bag Cell Phones  Small “Smart” Phones
– Costly & Poor Coverage – Affordable & Ubiquitous
 On Premise Data Centers  “Cloud” Computing (_aaS)
– Employer Supplied Electronics – Commercialization of IT (BYOD)
– Collaboration in Proximity – Collaboration in the Cloud
4

5. Disaster Preparedness Challenges
Power Failure 42%
Internal IT Hardware Failure 31%
Data Center Network Failure 21%
Failures IT Software Failure 16%
Human Error 16%
Flood 12%
Hurricane 10%
External Fire 7%
Data Center Winter Storm 6%
Failures
Terrorism 4%
Earthquake 3%
Tornado 2%
Chemical Spill 1%
Source: NetApp© Inc.
5

6. Our New ERP Strategy
 Hosted in the cloud at OIR (since October 2011)
– Economies of scale
– Tangible benefits
 DR planning still required
– OIR premium DR packages (Platinum, Gold, Silver, etc.)
– A role reversal of data centers approach
6

7. Hosting (Cloud) Tangible Benefits
Physical Plant
• Intruder Security (Guards, Locks, Cameras, etc.) (State Audit concern)
• HVAC & Environmental Controls (Closed system, Redundant, Excess capacity)
• Power (N+1 Redundant, 2 circuits, Independent path, PDU, UPS/Battery)
• Diesel Generator (Redundant, 5 days operation w/o refueling)
• F-4 Tornado Rated Facility, Not on a floodplain
• Fire Detection & Suppression (State Audit concern)
• Bandwidth & Connectivity (Multiple providers, Independent path)
Infrastructure
• Offsite Data Replication (Disaster recovery/Business Continuity)
• Network Management (Firewalls, Load balancing)
• Server Failover
• Enterprise SAN with commodity disk space (fiber vs. SATA)
• Enterprise Backups (Disk 2 Disk 2 Tape, 30 day onsite disk recovery, De-duplication)
• 4 Year Hardware Refresh
• System and Security Monitoring Appliances & Software (HP OpenView, Security)
Service Levels (Represents Increases in Staff Capability Presently Unavailable)
• Deep bench of Technicians (Networking, Server Admin, DBA)
• Network/Servers/Databases monitored 24 X 7
• Patches and upgrades are managed (State Audit concern)
• Strict Change Control Policy is enforced (State Audit concern)
• Help Desk is available 24 X 7
• Disaster Recovery Plan and Testing (State Audit concern)
• Full-time Security Officer & Staff of 30
7

8. Putting Disaster Recovery into Perspective
 RTO – Recovery Time
Objective
 RPO – Recovery Point $250,000
Objective $200,000
$150,000
 The closer to real time $100,000
protection the higher the $50,000
cost $0
Day Day
 Picking the insurance 1 2
Day Day
3 4
plan that fits your
organization
8

9. The Realities and the Objectives
 Hosting (Cloud) Resources Greatly Reduce Risk
 In a Cloud World (most) all Disasters are Local
 Higher Ed is not an IT Transactional Business
So the Objectives Should be:
 Evaluating “True Risk”
 Balancing Costs in Light of Risk
 Compliance with Audit Expectations
9

10. Disaster Preparedness Strategy
10

11. Backing up the Cloud
 Nightly backups to
central office data
center
 Use UC4 to
automatically move
the backups
 Prepped VMs ready
for Banner
deployment
 The same process for
Banner development
11

12. Central Office Offsite Backup Strategy
 Automatic SAN 2
SAN nightly backups
 Backups will include:
– Mission critical files
– Vm’s
– Email
12

13. Central Office Disaster Preparedness
Strategies
 Telecommuting
 Phasing out desktops
 Bring your own device (BYOD)
 Maximize mobile devices
 Virtualization
13

14. Central Office Disaster Preparedness
Resources
Current Operations During a Disaster
 Local Exchange server  Live.edu
 Office face 2 face meetings  Google Hangout
 Website Communications  Facebook
 My documents  Live.edu SkyDrive
 Departmental files  Live.edu SkyDrive
14

15. Employees – Communications & Mobile
 Chat and text messaging capabilities
 E-mail – Outlook Web App
Thomas.danford@tbr.edu = Thomas.danford@live.tbr.edu
 Mobile Devices
– iPad/iPhone
– Android
– Windows Mobile
 Mobile Apps
– SkyDrive
– OneNote
15

16. Employees – Working with Files and Data
 Storage – 25GB/employee
– SkyDrive (drag and drop from desktop)
– Ability to sync
– Ability to share files/directories
 Applications – cloud based with desktop integration
– Bing search Engine
– PowerPoint
– OneNote
– Word
– Excel
16

17. Personal Resources (Mobile Apps)
 News and weather
 Business continuity
 Cloud storage
 Utilities
 Others?
17

18. Discussion and Q&A
 What’s happening on your campus?
 Ideas & suggestions?
 Interest in collaborating?
Thank You!
Thomas Danford Jon Calisi
Tennessee Board of Regents Tennessee Board of Regents
http://www.linkedin.com/in/tdanford
http://twitter.com/tdanford
18